CVE-2008-1066

Publication date 28 February 2008

Last updated 24 July 2024

Ubuntu priority

The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used by Serendipity (S9Y) and other products, allows attackers to call arbitrary PHP functions via templates, related to a '\0' character in a search string.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
gallery2	8.04 LTS hardy	Ignored end of life, was needed
	7.10 gutsy	Ignored end of life, was needed
	7.04 feisty	Ignored end of life, was needed
	6.06 LTS dapper	Ignored end of life, was needed
smarty	7.10 gutsy	Fixed 2.6.18-1ubuntu2.1
	7.04 feisty	Fixed 2.6.14-1ubuntu0.7.04.1
	6.10 edgy	Fixed 2.6.14-1ubuntu0.6.10.1
	6.06 LTS dapper	Fixed 2.6.11-1ubuntu0.1

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
gallery2	Other: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469492
smarty	Other: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469492 Debdiff: https://bugs.launchpad.net/ubuntu/+source/smarty/+bug/202422

References

Other references

https://www.cve.org/CVERecord?id=CVE-2008-1066